You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: articles/active-directory/authentication/concept-registration-mfa-sspr-combined.md
+11-11Lines changed: 11 additions & 11 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -6,7 +6,7 @@ services: active-directory
6
6
ms.service: active-directory
7
7
ms.subservice: authentication
8
8
ms.topic: conceptual
9
-
ms.date: 03/18/2019
9
+
ms.date: 05/23/2019
10
10
11
11
ms.author: joflore
12
12
author: MicrosoftGuyJFlo
@@ -21,7 +21,7 @@ Before combined registration, users registered authentication methods for Azure
21
21
22
22
23
23
24
-
Before enabling the new experience, review this administrator-focused documentation and the user-focused documentation to ensure you understand the functionality and effect of this feature. Base your training on the user documentation to prepare your users for the new experience and help to ensure a successful rollout.
24
+
Before enabling the new experience, review this administrator-focused documentation and the user-focused documentation to ensure you understand the functionality and effect of this feature. Base your training on the [user documentation](../user-help/user-help-security-info-overview.md) to prepare your users for the new experience and help to ensure a successful rollout.
25
25
26
26
Azure AD combined security information registration is not currently available to national clouds like Azure US Government, Azure Germany, or Azure China 21Vianet.
27
27
@@ -81,20 +81,20 @@ Combined registration respects both Multi-Factor Authentication and SSPR policie
81
81
82
82
Here are several scenarios in which users might be prompted to register or refresh their security info:
83
83
84
-
* Multi-Factor Authentication registration enforced through Identity Protection: Users are asked to register during sign-in. They register Multi-Factor Authentication methods and SSPR methods (if the user is enabled for SSPR).
85
-
* Multi-Factor Authentication registration enforced through per-user Multi-Factor Authentication: Users are asked to register during sign-in. They register Multi-Factor Authentication methods and SSPR methods (if the user is enabled for SSPR).
86
-
* Multi-Factor Authentication registration enforced through conditional access or other policies: Users are asked to register when they use a resource that requires Multi-Factor Authentication. They register Multi-Factor Authentication methods and SSPR methods (if the user is enabled for SSPR).
87
-
* SSPR registration enforced: Users are asked to register during sign-in. They register only SSPR methods.
88
-
* SSPR refresh enforced: Users are required to review their security info at an interval set by the admin. Users are shown their info and can confirm the current info or make changes if needed.
84
+
- Multi-Factor Authentication registration enforced through Identity Protection: Users are asked to register during sign-in. They register Multi-Factor Authentication methods and SSPR methods (if the user is enabled for SSPR).
85
+
- Multi-Factor Authentication registration enforced through per-user Multi-Factor Authentication: Users are asked to register during sign-in. They register Multi-Factor Authentication methods and SSPR methods (if the user is enabled for SSPR).
86
+
- Multi-Factor Authentication registration enforced through conditional access or other policies: Users are asked to register when they use a resource that requires Multi-Factor Authentication. They register Multi-Factor Authentication methods and SSPR methods (if the user is enabled for SSPR).
87
+
- SSPR registration enforced: Users are asked to register during sign-in. They register only SSPR methods.
88
+
- SSPR refresh enforced: Users are required to review their security info at an interval set by the admin. Users are shown their info and can confirm the current info or make changes if needed.
89
89
90
90
When registration is enforced, users are shown the minimum number of methods needed to be compliant with both Multi-Factor Authentication and SSPR policies, from most to least secure.
91
91
92
92
For example:
93
93
94
-
* A user is enabled for SSPR. The SSPR policy required two methods to reset and has enabled mobile app code, email, and phone.
95
-
* This user is required to register two methods.
96
-
* The user is shown authenticator app and phone by default.
97
-
* The user can choose to register email instead of authenticator app or phone.
94
+
- A user is enabled for SSPR. The SSPR policy required two methods to reset and has enabled mobile app code, email, and phone.
95
+
- This user is required to register two methods.
96
+
- The user is shown authenticator app and phone by default.
97
+
- The user can choose to register email instead of authenticator app or phone.
98
98
99
99
This flowchart describes which methods are shown to a user when interrupted to register during sign-in:
0 commit comments